That is a great question and I think a very common experience.
I have found success in 2 ways: 1) tie reviews to contract renewals. Whenever possible, I look to schedule third party reassessments and associated information gathering to correspond to when contracts are up for renewals or renegotiations. This adds extra motivation for the third party to respond quickly and fully to requests for due diligence.
2) Be relentless. Issues we experience with vendors providing information we take to the business owner with the expectation that they escalate that request.
I also will always ask if there is a portal or alternate means to obtain documentation on demand. So many vendors are moving this way, sometimes its just a matter of finding the right person to give you that access.
Good luck and don't give up! I am interested to see what strategies others have found successful.
Shelly
Original Message:
Sent: 03-15-2021 01:29 PM
From: Calista Wegner
Subject: Requesting compliance documentation from vendors
I'm wondering if anyone has difficulty in getting vendors to respond to requests for compliance documentation when performing annual vendor risk assessments. How have you been able to overcome this obstacle?